Beispiel #1
def save_token(token_data, request):
    """Store a freshly issued OAuth access token for the request's user and client.

    The application is looked up by ``request.client.client_id`` (``.one()``
    raises unless exactly one row matches).  The application/user link is
    created on first use; for an existing link any scopes not yet recorded on
    it are added via ``update_scopes``.  A new ``OAuthToken`` is attached to
    the link, and tokens of that link with the exact same scope set beyond the
    ``MAX_TOKENS_PER_SCOPE`` most recent ones are deleted.

    :param token_data: mapping holding ``'access_token'`` and optionally
        ``'scope'``; ``'scope'`` is overwritten in place when the request
        carried none and a link already exists.
    :param request: object exposing ``client.client_id`` and ``user``.
    """
    # NOTE(review): nothing in this function compares the requested scopes
    # with what the application is allowed to request; presumably the grant
    # validated them before the token was generated -- confirm against caller.
    scopes = set(scope_to_list(token_data.get('scope', '')))
    app = OAuthApplication.query.filter_by(client_id=request.client.client_id).one()
    user_link = (
        OAuthApplicationUserLink.query
        .with_parent(app)
        .with_parent(request.user)
        .first()
    )

    if user_link is None:
        # First authorization of this app by this user: the link starts out
        # with exactly the scopes requested now.
        user_link = OAuthApplicationUserLink(application=app, user=request.user, scopes=scopes)
    else:
        granted = set(user_link.scopes)
        if not scopes:
            # An already-authorized app that sends no scope gets every scope
            # the user previously granted to it; the token response is
            # rewritten to say so.
            scopes = set(granted)
            token_data['scope'] = list_to_scope(scopes)
        added = scopes - granted
        if added:
            # Widening of a grant is logged so it can be audited later.
            logger.info('New scopes for %r: %s', user_link, added)
            user_link.update_scopes(added)

    # NOTE(review): whether the raw token value is hashed before storage is
    # decided by the OAuthToken model, which is not visible here.
    token = OAuthToken(access_token=token_data['access_token'], scopes=scopes)
    user_link.tokens.append(token)

    # Cap the number of live tokens per (link, exact scope set): ids are
    # ordered newest first and everything past the offset is deleted.
    scope_key = db.cast(sorted(scopes), ARRAY(db.String))
    surplus_ids = (
        db.session.query(OAuthToken.id)
        .with_parent(user_link)
        .filter_by(_scopes=scope_key)
        .order_by(OAuthToken.created_dt.desc())
        .offset(MAX_TOKENS_PER_SCOPE)
        .scalar_subquery()
    )
    OAuthToken.query.filter(OAuthToken.id.in_(surplus_ids)).delete(synchronize_session='fetch')
Beispiel #2
 def get_scope(self):
     """Return this object's scopes as one scope string, in sorted order."""
     # NOTE(review): the previous comment here said the scopes are restricted
     # by what the user authorized and what is whitelisted for the app, but no
     # such intersection is computed in this method: self.scopes is returned
     # as stored.  Confirm the restriction is applied before self.scopes is set.
     ordered = sorted(self.scopes)
     return list_to_scope(ordered)
Beispiel #3
 def get_allowed_scope(self, scope):
     """Reduce a requested scope string to the scopes this client may use.

     An empty or missing ``scope`` yields ``''``.  Otherwise the requested
     scopes are intersected with ``self.allowed_scopes``; anything outside
     that set is dropped silently rather than rejected, and because the
     result is a set its order in the returned string is not defined.
     """
     if scope:
         permitted = set(self.allowed_scopes)
         wanted = set(scope_to_list(scope))
         # NOTE(review): callers that must refuse an over-broad request have
         # to compare the result with what was asked for -- verify upstream.
         return list_to_scope(permitted.intersection(wanted))
     return ''
Beispiel #4
 def get_scope(self):
     """Return the effective scopes of this object as a sorted scope string.

     The result is the intersection of three sets, so a scope is only
     reported while all of them still contain it: the scopes stored on this
     object, the scopes on the app/user link, and the application's allowed
     scopes.
     """
     own_scopes = self.scopes
     user_granted = set(self.app_user_link.scopes)
     app_allowed = set(self.application.allowed_scopes)
     # Removing a scope from the link or from the application therefore
     # narrows what this method reports without touching self.scopes.
     effective = own_scopes & user_granted & app_allowed
     return list_to_scope(sorted(effective))
Beispiel #5
 def get_allowed_scope(self, scope):
     """Filter a requested scope string down to the scopes in ``self.scope``.

     An empty or missing ``scope`` yields ``''``.  ``self.scope`` is split on
     whitespace to form the allow-list; requested scopes keep their original
     order (and any duplicates), and entries not on the allow-list are
     dropped silently rather than rejected.
     """
     if scope:
         permitted = set(self.scope.split())
         kept = []
         for item in scope_to_list(scope):
             if item in permitted:
                 kept.append(item)
         return list_to_scope(kept)
     return ''